Knowledge base

September 06, 2025

Hack hits OM: implications for cybersecurity and traffic enforcement

 

In July 2025, the Public Prosecution Service (OM) in the Netherlands was hacked via a vulnerability in Citrix NetScaler systems. This led to widespread disruptions in both the digital justice chain and traffic enforcement. The incident shows once again how vulnerable even critical infrastructure is to cyber threats.

This blog provides an overview of the events, the government response and the implications for the digital resilience of organizations in the Netherlands.

Data Sovereignty- Your data, your rules

What happened?

1. Exploit via Citrix NetScaler (zero-day).

Hackers exploited a vulnerability in Citrix NetScaler ADC and Gateway, systems used for secure access to internal networks. Analysis showed that the vulnerability had been actively abused for some time. The attackers also managed to erase traces to make discovery difficult.

2. Direct response: full offline access

The OM decided to temporarily disconnect all systems completely from the Internet to prevent further damage. Employees could only work on location and communication was severely limited. Digital files could be viewed, but not always edited or printed.

3. Step-by-step recovery and research

Systems are being brought back online in phases, including critical components such as the Judicial Documentation System. In addition, an independent committee has been established to thoroughly investigate the incident, response and recovery process.

 

Impact on traffic enforcement: speed cameras out of service

As a result of the hack, some of the speed cameras, route controls and flex speed cameras along Dutch roads are temporarily not working. This is because systems that had been turned off could not be reactivated as long as the OM remained offline.

Focus speed cameras – cameras that detect phone use behind the wheel – did remain operational, as they operate through other systems. The exact size of the affected speed cameras was not disclosed, but it may involve dozens of installations across the country. This temporarily reduces fine revenue, although the government stresses that this is not exceptional: speed cameras are more often out of service for short periods of time.

 

What can other organizations learn?

Strengthen digital resilience

  • Use detection scripts to actively monitor vulnerable systems.

  • Patching is not enough: previous intrusions can remain active despite updates.

  • Defense-in-depth is essential: terminate sessions, renew passwords and continue to monitor logs.

  • Incident response must go beyond technology: communication and crisis management are just as important.

 

Conclusion & recommendations

  • Patching: Always install the latest updates as soon as they become available.

  • Detection: actively check if systems have been abused before.

  • Defense: Apply session termination, password resets and log analysis structurally.

  • Crisis monitoring: Ensure clear recovery plans, fast response times and cooperation with security partners.

 

Final word

This incident underscores that even critical infrastructure is vulnerable to sophisticated cyber attacks. Only with a proactive, layered defense strategy can organizations ensure their digital resilience.

Do you want to know how your organization can remain AVG and NEN7510 compliant and become more resistant to cyber threats? ALTA-ICT helps Dutch companies with proven, ISO-certified solutions.

 

Reference

¹https://www.linkedin.com/posts/altaict_cybersecurity-avg-iso27001-activity-7362070604205703168-9UOd

²https://nos.nl/artikel/2578575-meerdere-flitspalen-uit-de-lucht-na-hack-bij-om

Want to know more?

Get in touch
ALTA-ICT visual over cyberdreigingen in overheid en zorg